Taken from commit 2a53830958b1e90231742e1d8ae0523d463560e3
as the patch overall does not apply cleanly to 3.3.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27400)
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
(cherry picked from commit ada231523f6569c92795e16c9a61b7190f2032b1)
A call to EVP_PKEY_CTX_new() creates a keymgmt pointer internally,
but EVP_PKEY_CTX_dup() does not copy this field.
Calling EVP_PKEY_derive_set_peer_ex() after EVP_PKEY_CTX_dup() resulted
in a segfault because it tried to access this pointer.
EVP_PKEY_CTX_dup() has been updated to copy the keymanager (and upref it).
Reported by Eamon ODea (Oracle).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27304)
(cherry picked from commit 3c22da73465f5dd211299e64f0de8786dcaf86c3)
Fixes#27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
(cherry picked from commit 4f81470afadea3d1582d1df7f1b2b5e3ece63331)
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
(cherry picked from commit 6509f18c9fdbf76a63e8c6056da989cd047a7fb2)
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes#26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
(cherry picked from commit d890ad2b96efea4f5f4b0db190017ce9a3897df7)
In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.
CLA: trivial
Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK)
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)
(cherry picked from commit 28de1f5004c1083d358e6934552124a201e0251e)
This fixes a couple of big-endian issues in the
assembler code of chacha, SM3 and SM4.
Fixes#27197
Tested-by: @zeldin
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27252)
(cherry picked from commit 1a81d509a001607e40eb49174fa555068bdf7c48)
Detection for sc == NULL is performed after sc is used. Add the
check to the correct place.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27241)
(cherry picked from commit 7f6cc862c69800a72c49fcfe89e2931ee4ca2e7a)
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
(cherry picked from commit 8f06efe234ca875eb09af7f35f1ad3d62be696aa)
Kill the shell process after the Mock server is running,
to prevent the shell from printing an error message when
the Mock server is finally killed.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27144)
(cherry picked from commit c45f0dd80370f1aa942cf47fc5ea99cb887621e4)
We need to temporarily disable this as we have a build break in CI:
https://github.com/openssl/openssl/actions/runs/14192630435
Its occuring because gost-engine depends on libprov, which requires a
minimum version cmake-3.0. The update of github runners to cmake-4.0
causes a bail out as cmake 4.0 no longers supports cmake 3.0 syntax.
Libprov is fixed now, but gost-engine needs to update its libprov
submodule, and then we need to update the gost-engine submodule. Until
thats done (which may take days), we should disable the gost-engine
external tests
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27234)
(cherry picked from commit db9771b5a056d939b6112cdc099fbf4f86d184ee)
If you are intereseted in one you might be interested in the other.
Fixes#27137
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27210)
(cherry picked from commit 9eb21877f5704595a89cd550b1a639df86229b09)
We use the same extension-parsing function on server and client
for convenience, but while the server might worry about tracking
what was previously received and not overwriting it, on the client
receiving a request for post-handshake authentication, we always
want to use the values from the current extension (and should
always have a new session object that we are free to mutate).
It is somewhat unclear whether the server also needs the check
for a resumed connection; it appears to have been added back in
2015 in commit 062178678f5374b09f00d70796f6e692e8775aca as part
of a broad pass to handle extensions on resumption, but without
specific documentation of each extension's handling.
Fixes: #10370
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24651)
(cherry picked from commit ddd99d52d30e2fdae08f9684947cba45ce53898b)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27188)
(cherry picked from commit b8860598d2f7eab14fcf63c22579d879615465c8)
Reported by David Makepeace
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27203)
(cherry picked from commit 0a78595eac55cc9ec9d2046c704404ec52752b8c)
With our new FIPS provider certification, lets update the FIPS-README to
reflect our latest release and fips validated versions
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27178)
(cherry picked from commit 50316c18a0468bb0191904d7615955c9b47f061f)
Add a check for the return value of OPENSSL_strdup() to guarantee the success of allocation, similar to the other call sites.
Fixes: c7d5ea2670 ("Prepare to detect index changes in OCSP responder.")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27172)
(cherry picked from commit 930c645e6b74a09398f6345b2d265c38ff035afe)
There are a few more critical frame injections that
previously created an out-of-diskspace problem
and now only a CI test failure. The pattern
in the qlog files is always similar to this:
{"frame_type":"stop_sending","stream_id":6,"error_code":1152,"length":4},
{"frame_type":"path_challenge","length":9},...{}
Note: The stream_id 6 is a OSSL_QUIC_FRAME_TYPE_CRYPTO.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27170)
(cherry picked from commit 8ed3eee3b416d0bff4890bba24af4a7a1839bf78)
Things can get messy when application decides to use it's own memory
allocation functions using CRYPTO_set_mem_functions(3ossl)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27163)
(cherry picked from commit 7fa51041e4d68838b2c7ddf4f77d6bba0edf2735)
(cherry picked from commit 49bd72584a6733cd5ce610f4aca1ec92496e1d30)
Change description of B<X509_V_FLAG_CRL_CHECK_ALL> to reflect its inability
to function without B<X509_V_FLAG_CRL_CHECK> being enabled as well.
Fixes#27056 (https://github.com/openssl/openssl/issues/27056)
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27098)
(cherry picked from commit b7d3c729b14ccd9d23437d8ae107020a4332af72)
The new place is doc/internal/man3/bn_mul_words.pod.
Also removed outdated information.
Implementing the fix from https://github.com/quictls/quictls/pull/214Fixes#26399
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26597)
(cherry picked from commit 78b1fdf4a101ae4909038e90b2c3c961be5a7064)
If the flags argument does not contain the SMIME_STREAM bit,
the i2d_ASN1_bio_stream() function always returns 1,
ignoring the result of the ASN1_item_i2d_bio() call.
Fix the return value to the result of the ASN1_item_i2d_bio()
call for this case.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27106)
(cherry picked from commit 3edb1f09c62c058edf4039587ef35f6b074e0870)
Also drop 3.1 development branch as it is out of public support now.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27149)
(cherry picked from commit 725f55e235057c463feadabbb4d23450126117fd)
Fixes#27126
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27132)
(cherry picked from commit a006b0a0894b9aa399eee91bd28ca06b281eef7e)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27081)
(cherry picked from commit da8de0e8dd3e09655cd17ef700359c63acdc9cd4)
The OSSL_RECORD_LAYER needs to be properly freed when return code isnt success.
Memory leak fix
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27111)
(cherry picked from commit e5e4cf41c7af9b533265efb05e81ce1c56d58601)
Adds handling of V_ASN1_UNDEF to avoid NULL dereference
in case ASN1 structure contains an element of type ASN1_TYPE
without initializing its value (i.e. default constructed)
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27100)
(cherry picked from commit 8e08f9c5a013d9a9fb9e2db3c90a70eda50f78b5)
The problem seem to be caused by syntax errors due to injected
OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE packets which are too short
by 8 bytes.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27089)
(cherry picked from commit ad684e1a6a925c7fbadad7d309f0204f49e67105)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27089)
(cherry picked from commit 289dcbe008018b3cf81053cba2b36825a1f49b74)
That is bad, because this script does seem to have issues,
because it is itself linked against libcrypto, which causes
crashes in enable-asan builds:
ASan runtime does not come first in initial library list;
you should either link runtime to your application or manually
preload it with LD_PRELOAD.
../../util/wrap.pl python3 ../../test/recipes/70-test_quic_multistream_data/verify-qlog.py => 1
not ok 1 - running qlog verification script
not ok 2 - check qlog output
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27089)
(cherry picked from commit f346932a15b5ce0cf7e42628e0b02a1871de93e1)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27089)
(cherry picked from commit 9f85a036e331d2837db604fc505062f7790a8b2b)
We want to skip up to PACKET_remaining() and not "at least"
PACKET_remaining() bytes.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27138)
(cherry picked from commit 83b11af01738196b0ebde28a2f91df351c1c72fc)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27075)
(cherry picked from commit 27b88364e41f01cc1be6ff2941dd07919f286c89)
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27059)
(cherry picked from commit 952d9b83b20359e9ed0fff8f18a84add29949f6f)
Lowering the optimization level is no longer needed,
since the old compiler bug from ubuntu-20.04 has been
fixed meanwhile.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27033)
(cherry picked from commit c658a60aae5b3ac5a22cc11ad59d687bafcc6fbf)
(cherry picked from commit 9609e2a5f0af1e3151ec4f793ac99580d7b26577)
The OSSL_PKEY_PARAM_MANDATORY_DIGEST parameter is only handled by the
ed25519_get_params() and ed448_get_params(). The x25519 and x448
versions of get_params() always ignore that parameter, so it should not
be in the list of gettable params.
Fixes: 1a7328c88256 ("PROV: Ensure that ED25519 & ED448 keys have a mandatory digest")
cla: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27043)
(cherry picked from commit 482d3f9338b3d4c7537a1d112dce9c8e370c8d9f)
Only a minimum of 2 qp's are necessary: one for the readers,
and at least one that writers can wait on for retirement.
There is no need for one additional qp that is always unused.
Also only one ACQUIRE barrier is necessary in get_hold_current_qp,
so the ATOMIC_LOAD of the reader_idx can be changed to RELAXED.
And finally clarify some comments.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27012)
(cherry picked from commit a532f2302d9eac7a2ba52b9929b790c20347c9ba)
this adds a dummy atomic release operation to update_qp, which
should make sure that the new value of reader_idx is visible in
get_hold_current_qp, directly after incrementing the users count.
Fixes: #26875
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26964)
(cherry picked from commit 4a1a7fe5ce088964010779e1f5a90560903ecc76)
1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
for Montgomery multiplication.
2. ecp_nistp384-ppc64.pl:
- Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
minumum perl wrapper.
- Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
- Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
3. ecp_nistp384.c:
- Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.
Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26709)
(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26976)
(cherry picked from commit 2656922febfc36f6b44cff1c363917685633b4c5)
- Update allocate_new_qp_group to take unsigned int
- Move id_ctr in rcu_lock_st for better stack alignment
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26972)
(cherry picked from commit 7097d2e00ea9f0119a5e42f13a51487fb1e67aa3)
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26559)
(cherry picked from commit 8d6fd6142b0b55ce029df6d7b63dda5f7cb8ce54)
The current retirement code for rcu qp's has a race condition,
which can cause use-after-free errors, but only if more than
3 QPs are allocated, which is not the default configuration.
This fixes an oversight in commit 5949918f9afa ("Rework and
simplify RCU code")
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26952)
(cherry picked from commit 6e7be995fd7fd24d38b95982cf90f801ac045743)
to avoid the risk of backports not to cherry-pick
or unexpectedly breaking things.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26960)
And drop the rest.
The ubuntu-20.04 CI runners are discontinued.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26971)
(cherry picked from commit 4e9b542868890428f0294a4ce53fcde68c1fcaf7)
AIX (at least for 7.1) defines some macros for "events" and "revents" which
interferes with our own use of these names.
Fixes#24236
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26933)
(cherry picked from commit 5eb55ad8a70ef948432ba17e0985c7b4d3b13c25)
This updates the openssl documentation link to the one currently in use,
and removes the standards.txt section as that URL leads to the normal
documentation page and there is no "standards" page in the openssl
documentation site.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26759)
(cherry picked from commit da44eb2901bd541f86547d814f45ab305b918611)
